CVE-2024-37568
lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...
PYSEC-2024-52
lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...
CVE-2024-37568
Technical details for CVE-2024-37568 are not publicly available in the provided documents. Monitor for updates from upstream and security advisories.
PT-2024-27665 · Unknown +2 · Lepture Authlib +2
Name of the Vulnerable Software and Affected Versions: lepture Authlib versions prior to 1.3.1
Description: The issue concerns algorithm confusion with asymmetric public keys in lepture Authlib. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetri...